Home » spyware » Page 5

spyware

Help! I do tech support for everyone I know!

Here’s an interesting dilemma: How do you avoid becoming the primary technical support contact for all of your friends and family?
Richard “Rich Job” Jobity asked a really good question, didn’t he? I had to think about it for a while. That label fit me for a very long time. In the past year, it stopped, but I never knew exactly why. He made me think about it, and I found I’d done some interesting things on a subconscious level.

There was a time when I didn’t mind. I was 16 and still learning, I had some disposable time on my hands, and, frankly, I enjoyed the attention. You can learn a lot by fixing other people’s computers. And I used at least one of those friends as a reference to get my first three computer-related jobs. But over time, my desire changed.

I think a good first step is to identify exactly why it is you don’t want to be the primary technical support contact for all your friends and family.

In my case, I spend 40 hours a week setting up and fixing computers. And while I definitely spend some time off the clock thinking about computers, I also definitely want to spend some time off the clock thinking about something other than computers.

I have a life. I have a house to take care of, I have meetings to go to, and I have a social life. Not only that, I have bills to pay and errands to run, and physical needs to tend to as well, like cooking dinner and sleeping. And people get really annoyed with me for some reason if I don’t ever wash my clothes.

So if you get into a situation like I got into a year ago, when I had a friend calling me literally every night for a week with some new computer problem and keeping me on the phone for several hours a night while we tried to sort them out, I think it’s perfectly understandable for any reasonable person to be a bit upset. So here are my tips for someone who wants to head off that kind of a problem.

Have realistic expectations on all sides. So the first step is to make sure your friends and your family understand that you have responsibilities in life other than making sure their computers work. You’ll do your best to help them, but it’s unrealistic to expect you to drop everything for a computer problem the same way you would drop everything for a death in the family.

Limit your availability. Don’t help someone with a computer problem while you’re in the middle of dinner. You’ll be able to concentrate better without your stomach growling and you won’t harbor resentment about your dinner getting cold. Have him or her step away from the computer and go for a walk and call back in half an hour. The time away from the computer will clear his or her mind and help him or her better answer your questions. Don’t waver on this; five-minute problems have ways of becoming hour-long problems.

Here’s a variant of that. I had a friend having problems with a Dell. She called Dell. She got tired of waiting on hold. “I know, I’ll call Dave,” she said. “Dave’s easier to get ahold of than this.”

She may have tried to call me, but last week I was everywhere but home, it seemed. She didn’t leave a message, so I didn’t know she’d called. The moral of the story: Don’t be easier to get ahold of than Dell. Or whoever it was that built the computer or wrote the software.

What if I’d been home? It depends. If I’d been home and playing Railroad Tycoon, I’d be under more obligation to help a friend in need than I would be if I were home but my girlfriend was over and I was fixing her dinner or watching a movie with her. The key is to remember your other obligations and don’t compromise on them.

I remember a week or two ago, I was sitting on my futon with my girlfriend, watching a movie, arms entangled in the weird way the way they tend to do when you want to be close to someone. The phone rang. I didn’t move. “You’re not going to answer that?” she asked. “No,” I said. Since when is it rude not to answer your phone? They didn’t know I was home. If I don’t want to talk at that instant, I’m not obligated to. Besides, both of us would have had to move for me to pick up the phone. So I ignored it. She looked at me like I’d paid her some kind of compliment, that I’d rather stay there with her than yak on the phone. Call me old-fashioned, but that used to go without saying.

Whoever it was didn’t leave a message. If it’d been important, either they would have or they would have called me back. (Maybe it was the friend who’d thought of using me as a substitute for Dell tech support. Who knows.)

Don’t do a company’s work for them. If someone’s having a problem with a Dell, or having a problem dialing in to the Internet, I stay away from the problem. If a Dell is having hardware problems, the user will have to call Dell eventually anyway, and the tech will have procedures to follow, and there’s no room in those procedures for a third-party diagnosis. Even if that third party is a friend’s cousin’s neighbor who supposedly wrote a computer book for O’Reilly three years ago. (For all the technician knows, it was a book about Emacs, and you can know Emacs yet know a whole lot of nothing about computer hardware, especially Dell hardware. But more likely he’ll just think the person’s lying.)

And if someone can’t dial into an ISP, well, I may very well know more about computers than the guy at the ISP who’s going to pick up the phone. I may or may not be more intelligent and and more pleasant and more articulate than he is. But the fact is, I can only speculate about whatever problems the ISP may be having. And seeing as I don’t use modems anymore and haven’t for years, I’m not exactly in a good position to troubleshoot the things. Someone who does tech support for an ISP does it every day. He’s going to do a better job than me, even if he’s not as smart as I am.

Know your limits. A year ago, a friend was having problems with OS X. She asked if I’d look at it. I politely turned her down. There are ideal circumstances under which to try to solve a problem, but seeing the OS for the first time isn’t it. She called Apple and eventually they got it worked out. It’s a year later now. Her computer works fine, we’re still on speaking terms, and I still haven’t ever seen OS X.

Around the same time, another friend toasted her hard drive. I took on that challenge, because it was PC hardware and she was running an operating system I’d written a book about. It took me a while to solve the problem, but I solved it. It was a growth opportunity for me, and she’s happy.

And this is related to the next point: If you’re not certain about something, say so. It’s much better to say, “This is what I would do, but I’m really not sure it’s the best thing to do” than it is to give some bad advice and pretend that it’s gospel. Get your ego out of the way. There’s no need to try to look good all the time (you won’t).

Limit your responsibility. If your uncle has a six-year-old PC running Windows 95 and ran out and bought a USB-only printer because it was on sale at Kmart and now he’s having problems getting it running and he never asked you about any of this, how much responsibility should you be willing to shoulder to get that printer running?

I’m inclined to say very little. It’s one thing to give some bad advice. It’s another to be dragged into a bad decision. If the only good way to get the peripheral running is to buy Windows XP and wipe the hard drive and install it clean, don’t let that be your problem.

Don’t allow yourself to be dragged into giving support for free software downloaded off the ‘Net, supercheap peripherals bought from who-knows-where, or anything else you can’t control.

You can take this to an extreme if you want: Partition the hard drive, move My Documents over to the second partition, and then create an image of the operating system and applications (installed on the first partition, of course). Any time you install something new, create a new image. When your friend or relative runs into trouble, have him or her re-image the computer. He or she can reinstall Kazaa or whatever notorious app probably caused the problem if desired, but you can disclaim responsibility for it.

Which brings me to:

Disclaim all responsibility for poor computer habits. Gatermann and I have a friend whose brother repeatedly does everything I’d do if I wanted to set out to mess up someone’s computer. He downloads and installs every gimmicky piece of free-with-strings-attached software he can find, turning his computer into a cocktail of spyware. He runs around on Kazaa and other file-sharing networks, acquiring a cocktail of who-knows-what. He opens every e-mail attachment anybody sends to him, acquiring a cocktail of viruses. He probably does things I’ve never thought of.

Gatermann installed antivirus software on the computer, and we’ve both run Ad-Aware on it (if I recall, one time I ran it I found 284 instances of spyware). Both of us have rebuilt the system from scratch numerous times. The kid never learns. Why should he? Whatever he does, one of Tim’s friends will come over and fix it. (I guarantee it won’t be me though. I got sick of doing it.)

Some good rules to make people follow if they expect help from you:
1. Run antivirus software and keep it current. This is a non-negotiable if you’re running Windows.
2. Stay off P2P networks entirely. Their clients install spyware, and you know about the MP3 buffer overflow vulnerability in WinXP, don’t you? Buy the record and make your own MP3s. Half.com is your friend.
3. Never open an unexpected e-mail attachment. Even from your best friend.
4. If you don’t need it, don’t install it. Most free Windows software comes with strings attached in the form of spyware, these days. If you don’t want to pay for software, run Linux.
5. If you must violate rule 4, run Ad-Aware religiously.

And? This doesn’t mean I never get computer-related phone calls. A family member called me just this past Sunday with a noisy fan in a power supply. I found him a cheap replacement. I went over to my girlfriend’s family’s house Sunday afternoon and fixed their computer. (It made me wonder if the “4” in Pentium 4 stood for “486.” Its biggest problem turned out to be 255 instances of spyware. Yum.)

But I’m not afraid to answer the phone, I don’t find myself giving people longshot answers just to get them off the phone long enough for me to go somewhere or start screening my phone calls. And I find myself getting annoyed with people less. Those are all good things.

The worm that’s not a worm

I got mail at work today. The subject:
David you have an e-card from Alex.

Well, about the only person I know who calls me David is my mom. And I don’t know anybody named Alex. And why would a guy be sending me an e-card? Not wanting to explore that possibility any further, I disregarded it.

Then I remembered reading about something like that somewhere, so I went back and looked at it.

Short story: A really sleazy e-card company is sending out e-mail containing nothing but an URL at friendgreetings.com, which sends down ActiveX controls and installs some spyware that, among other things, sends bogus cards to everyone in your Outlook address book. That’s where I got that e-card message from. I was in this guy’s address book, for whatever reason. (Turns out he’s the webmaster at work. Funny how the webmaster and the hostmaster can go for long periods of time and never meet, eh?)

Officially, this isn’t a virus or a worm because it’s a company doing this crap, rather than a bored loser who lives in his parents’ basement and you have to click on an EULA (which most people do blindly anyway) for it to activate. I fail to see the difference, but I guess I’m weird that way.

I originally wrote that the anti-virus makers didn’t consider this a worm, but Symantec seems to have relented. You can get a removal tool at Symantec’s site.

If you want to protect yourself pre-emptively, locate your hosts file (in C:\winnt\system32\drivers\etc on NT/2000/XP; I’m wanting to say it’s in C:\Windows\System on Win9x; on most Unix systems it’s in /etc, not that it matters since this not-a-worm runs on Windows) and add the following entry:

127.0.0.1 www.friendgreetings.com

More cleanly, you can ask your network admins really nicely if they can block friendgreetings.com at the firewall or DNS level.

If you have inadvertently unleashed this monster, first, close Outlook immediately. Normally, I’d advise getting right with everyone else before cleaning things up, but since there’s the risk of making things worse if you do it that way, clean house, then start apologizing.

Next, download the removal tool.

If you want to be really safe, go into the control panel and remove anything that appears to have anything to do with friendgreetings.com. Next, I’d go to www.cognitronix.com and download Active Xcavator and remove anything having to do with friendgreetings.com. Next, I’d head over to LavaSoft and download Ad-Aware and let it shoot anything that moves.

Next, apologize profusely to the guy who runs your mail server (ours got clogged up for hours processing all the mail from not-our-friendgreetings.com) and to everyone in your address book. I can’t offer you any advice on the best way to do that. Except I’d use something other than Outlook to do it. Head over to TinyApps.org to find yourself a small freeware mail client. Assuming you’re not on an Exchange server, I’d suggest pulling the network plug before firing up Outlook again to get those e-mail addresses.

Meanwhile, it would do no good whatsoever if everyone who’s gotten one of these annoying e-cards (whether they opened it or not) opened a command prompt and typed ping -t www.friendgreetings.com and left it running indefinitely. No good whatsoever. It’s still a distributed denial of service attack if all of the participants participate voluntarily and independently. Right?

Is Windows optimization obsolete?

I read a statement on Bob Thompson’s website about Windows optimization, where he basically told a reader not to bother trying to squeeze more speed out of his Pentium-200, to spend a few hundred bucks on a hardware upgrade instead.
That’s flawed thinking. One of the site’s more regular readers responded and mentioned my book (thanks, Clark E. Myers). I remember talking at work after upgrading a hard drive in one of the servers last week. I said I ought to put my 10,000-rpm SCSI hard drive in a Pentium-133, then go find someone. “You think your Pentium 4 is pretty hot stuff, huh? Wanna race? Let’s see who can load Word faster.” And I’d win by a large margin. For that matter, if I were a betting man I’d be willing to bet a Pentium-200 or 233 with that drive would be faster than a typical P4 for everything but encoding MP3 audio and MP4 video.

Granted, I’ve just played into Thompson’s argument that a hardware upgrade is the best way to get more performance. An 18-gig 10K drive will run at least $180 at Hyper Microsystems, and the cheapest SCSI controller that will do it justice will run you $110 (don’t plug it into anything less than an Ultra Wide SCSI controller or the controller will be the bottleneck), so that’s not exactly a cheap upgrade. It might be marginally cheaper than buying a new case, motherboard, CPU and memory. Marginally. And even if you do that, you’re still stuck with a cruddy old hard drive and video card (unless the board has integrated video).

On the other hand, just a couple weekends ago I ripped out a 5400-rpm drive from a friend’s GW2K P2-350 and replaced it with a $149 Maxtor 7200-rpm IDE drive and it felt like a new computer. So you can cheaply increase a computer’s performance as well, without the pain of a new motherboard.

But I completely and totally reject the hypothesis that there’s nothing you can do in software to speed up a computer.

I was working on a computer at church on Sunday, trying to quickly burn the sermon onto CD. We’re going to start recording the sermon at the 8:00 service so that people can buy a CD after the 10:45 service if they want a copy of it. Since quality CDs can be had for a buck in quantity, we’ll probably sell discs for $2, considering the inevitable wear and tear on the drives. Today was the pilot day. The gain was set too high on the audio at 8:00, so I gave it another go at 10:45.

That computer was a Pentium 4, but that Pentium 4 made my Celeron-400 look like a pretty hot machine. I’m serious. And my Celeron-400 has a three-year-old 5400-rpm hard drive in it, and a six-year-old Diamond video card of some sort, maybe with the S3 ViRGE chipset? Whatever it is, it was one of the very first cards to advertise 3D acceleration, but the card originally sold for $149. In 1996, for 149 bucks you weren’t getting much 3D acceleration. As for its 2D performance, well, it was better than the Trident card it replaced.

There’s nothing in that Celeron-400 worth bragging about. Well, maybe the 256 megs of RAM. Except all the l337 h4xx0r5 bought 1.5 gigs of memory back in the summer when they were giving away 512-meg sticks in cereal boxes because they were cheaper than mini-frisbees and baseball cards (then they wondered why Windows wouldn’t load anymore), so 256 megs makes me look pretty lame these days. Forget I mentioned it.

So. My cruddy three-year-old Celeron-400, which was the cheapest computer on the market when I bought it, was outperforming this brand-new HP Pentium 4. Hmm.

Thompson says if there were any settings you could tweak to make Windows run faster, they’d be defaults.

Bull puckey.

Microsoft doesn’t give a rip about performance. Microsoft cares about selling operating systems. It’s in Microsoft’s best interest to sell slow operating systems. People go buy the latest and worst greatest, find it runs like a 1986 Yugo on their year-old PC, so then they go buy a Pentium 4 and Microsoft sells the operating system twice. Nice, isn’t it? After doing something like that once, people just buy a new computer when Microsoft releases a new operating system. Or, more likely, they buy a new computer every second time Microsoft releases a new operating system.

Microsoft counts on this. Intel counts on this. PC makers count on this. Best Bait-n-Switch counts on this. You should have seen those guys salivating over the Windows 95 launch. (It was pretty gross, really, and I didn’t just think that because I was running OS/2 at the time and wasn’t interested in downgrading.)

I’ve never had the privilege of working for an employer who had any money. Everywhere I’ve worked, we’ve bought equipment, then run it until it breaks, then re-treaded it and run it until it breaks again. Some of the people I work with have 486s on their desks. Not many (fortunately), but there are some. I’ve had to learn how to squeeze the last drop of performance out of some computers that never really had anything to offer in the first place. And I haven’t learned much in the past since I started my professional career in Feb. 1997, but I have learned one thing.

There’s a lot you can do to increase performance without changing any hardware. Even on an old Pentium.

First things first. Clean up that root directory. You’ve probably got dozens of backup copies of autoexec.bat and config.sys there. Get them gone. If you (or someone else) saved a bunch of stuff in the root directory, move it into C:My Documents where it belongs. Then defrag the drive, so the computer gets rid of the phantom directory entries. You’ll think you’ve got a new computer. I know, it’s stupid. Microsoft doesn’t know how to write a decent filesystem, and that’s why that trick works. Cleaning up a crowded root directory has a bigger effect on system performance than anything else you can do. Including changing your motherboard.

2. Uninstall any ancient programs you’re not running. Defrag afterward.

3. Right-click your desktop. See that Active Desktop crap? Turn it off. You’ll think you’ve got a new computer.

4. I am not making this up. (This trick isn’t in the book. Bonus.) Double-click My Computer. Go to Tools, Folder Options. Go to Web View. Select “Use Windows Classic Folders.” This makes a huge difference.

5. Turn off the custom mouse pointers you’re using. They’re slowing you down. Terribly.

6. Download and run Ad Aware. Spyware DLLs kill your system stability and speed. If you’ve got some spyware (you never know until you run it), Ad Aware could speed you up considerably. I’ve seen it make no difference. And I’ve seen it make all the difference in the world. It won’t cost you anything to find out.

7. Remove Internet Explorer. It’s a security risk. It slows down your computer something fierce. It’s not even the best browser on the market. You’re much better off without it. Download IEradicator from 98lite.net. It’ll remove IE from Win95, 98, ME, NT, and 2K SP1 or lower. If you run Windows 2000, reinstall, then run IEradicator, then install SP2 (or SP3 if it’s out by the time you read this). Then install Mozilla, or the lightweight, Mozilla-based K-Meleon instead. Need a lightweight mail client to replace Outlook Express? Give these a look. Run Defrag after you remove IE. You won’t believe how much faster your computer runs. Trust me. An Infoworld article several years back found that removing IE sped up the OS by as much as 15 percent. That’s more than you gain by moving your CPU up one speed grade, folks.

8. Reinstall your OS. OSs accumulate a lot of gunk, and sometimes the best thing to do is to back up your My Documents folder, format your hard drive, and reinstall your OS and the current versions of the apps you use. Then do all this other stuff. Sure, it takes a while. But you’ll have to do it anyway if you upgrade your motherboard.

9. Get a utilities suite. Norton Speed Disk does a much better job of defragmenting your hard drive than Windows’ built-in tool. It’s worth the price of Norton Utilities. Good thing too, because 90% of the stuff Norton Utilities installs is crap. Speed Disk, properly run, increases your disk performance enough to make your head spin. (The tricks are in the book. Sorry, I can’t give away everything.)

10. Get my book. Hey, I had to plug it somewhere, didn’t I? There are 3,000 unsold copies sitting in a warehouse in Tennessee. (O’Reilly’s going to get mad at me for saying that, so I’ll say it again.) Since there are 3,000 unsold copies sitting in a warehouse in Tennessee, that means there are about 3,000 people who don’t need to buy a new computer and may not know it. I don’t like that. Will there be an updated version? If those 3,000 copies sell and I can go to a publisher and tell them there’s a market for this kind of book based on the 2002 sales figures for my last one, maybe. Yes, there are things that book doesn’t tell you. I just told you those things. There are plenty of things that book tells you that this doesn’t. It’s 260 pages long for a reason.

Recent Microsoft OSs are high on marketing and low on substance. If Microsoft can use your computing resources to promote Internet Explorer, MSN, or anything else, they’ll do it. Yes, Optimizing Windows is dated. Spyware wasn’t known to exist when I wrote it, for instance. Will it help? Absolutely. I stated in that book that no computer made in 1996 or later is truly obsolete. I stand by that statement, even though I wrote it nearly three years ago. Unless gaming is your thang, you can make any older PC run better, and probably make it adequate for the apps you want to run. Maybe even for the OS you want to run. And even if you have a brand-new PC, there’s a lot you can do.

Like I said, I’d rather use my crusty old Celeron-400 than that brand-new P4. It’s a pile of junk, but it’s the better computer. And that’s entirely because I was willing to spend an hour or two cleaning it up.

Another entry from the Clueless Dept.

Someone else who needs to buy a clue. I normally don’t have a problem with John Dvorak, and frequently I actually like his stuff. He’s not as clueless as some people make him out to be. Dvorak’s not as smart as he thinks he is, but one thing I’ve noticed about his critics is that they usually aren’t as smart as they think they are either.
Dvorak’s most recent Modest Proposal is that we fire all the technology ignorami out there and then, essentially, throw away corporate standards, let end-users run anything they bloody well want, and basically make them administrators of their own machines.

I’ve got a real problem with that. Case point: One of my employer’s executives recently brought in his home PC and insisted we get it running with remote access. Only one problem with that: He has Windows XP Home. XP Home’s networking is deliberately crippled, so businesses don’t try to save money by buying it. A sleazy move, but a reality we have to live with. We got it to work somewhat, but not to his satisfaction. He’s mad, but mostly because he doesn’t have any idea what changes went on under the hood in XP and doesn’t know he’s asking the impossible. But he’s perfectly competent using Word, Excel, PowerPoint and Outlook. He’s also very comfortable ripping his CDs to MP3 format–he’s got one of the largest MP3 collections in the company. He’s competent technologically. But he has no business with admin rights on his computer.

The same goes for a lot of our users. The record I’ve found for the most spyware-related files installed on a work PC is 87. These aren’t the technical ignorami who are installing this garbage. It’s the people who know how to use their stuff, but they love shareware and freeware. Maybe some of it helps them get their work done. But these people are the first to complain when their system crashes inexplicably. And I’m expected to keep not only the corporate standard apps like M$ Office running, but I’m also expected to support RealPlayer, Webshots, Go!Zilla, Gator, WinAmp, RealJukebox, AOL, and other programs that run ripshod all over the system and frequently break one another (or the apps I’m supposed to support).

If the users were completely responsible for keeping their systems running, that would be one thing. But install all that stuff on one computer and try to keep it running. You won’t have enough time to do your job.

Dvorak argues that people like me should solely be concerned with keeping the network working. That’s fine, but what about when some Luddite decides to ditch all modern apps and bring in an IBM PS/2 running DOS 5.0 and compatible versions of Lotus 1-2-3 and WordPerfect and dBASE? Unless there’s already an Ethernet card in that machine, I won’t be able to network it. And the person who decides a Macintosh SE/30 running System 6.0.8 is where it’s at will have a very difficult time getting on the network and won’t be able to exchange data with anyone else either.

Those scenarios are a bit ridiculous, but I’ve had users who would have done that if they could have. And someone wanting to run XP Home absolutely is not ridiculous, nor uncommon. If my job is to network every known operating system and make those users able to work together in this anarchy, my job has just become impossible.

As much as I would love for people to use Linux in my workplace and something other than Word and Outlook, the anarchy Dvorak is proposing is completely unworkable. It’s many orders of magnitude worse than the current situation.

This is just wrong too. Yes, New Englanders, I know about heartbreak. I’m from Kansas City. At least your Red Sox have posted more than one winning record in the past 10 years.

Anyway, not only are the Royals’ glory years over, they’ve forgotten where their glory years came from. They’ve once again denied Mark Gubicza entry into their Hall of Fame. Who? In the late 1980s, Mark Gubicza was the Royals’ second-best pitcher, behind Bret Saberhagen. Injuries did him in the same as Saberhagen (only a little sooner) but he’s still among their career leaders in wins and strikeouts.

And after spending 13 seasons in a Royals’ uniform, the Royals had a chance to trade Gubicza for hard-hitting DH Chili Davis. But you don’t trade a guy who’s poured his heart and soul into the team for 13 years and stayed completely and totally loyal to it no matter how much it hurt, right? Gubicza said yes. Gubicza went to the GM and told him that if he could make the Royals a better team by trading him, to trade him.

Chili Davis hit 30 home runs for the Royals in 1997. Then he bolted for the Yankees.

Meanwhile, Gubicza blew out his arm for good and the Angels released him. He pitched two games for them.

It takes a great man to tell the team he loves that the best thing he can do for them is to get traded for someone who can help the team more. That was Mark Gubicza. They don’t make ’em like him anymore.

But even more importantly, the immortal Charley Lau was once again denied entry. Who’s he? He was a journeyman catcher who spent his entire career as a backup and whose career batting average was .255, but that was because he had about zero natural ability. He was a genius with the bat, which was how he managed to hit .255. More importantly, Lau was the Royals’ hitting coach in the early 1970s. He spotted some skinny guy who was playing third base because Paul Schaal couldn’t play third base on artificial turf and their first choice to replace him, Frank White, couldn’t play third base at all. This skinny blond fielded just fine, but he was hitting terribly. Lau asked him what he was doing over the All-Star break. The kid said he was going fishing with Buck Martinez. Lau put his foot down. He told him he was going to stay in Kansas City and learn how to hit.

“He changed my stance. I had been standing up there like Carl Yastrzemski, but the next thing I knew I looked like Joe Rudi,” the kid recalled. But he started hitting. By the end of the year, he’d pulled his average up to a very respectable .282.

Soon Lau had every player on the Royals standing at the plate like Joe Rudi, and taking the top hand off the bat after contact with the ball. And the Royals created a mini-dynasty in the American League Western Division.

What was the name of that kid, anyway?

George Brett.

If it hadn’t been for Charley Lau, George Brett would have been nothing. The Royals probably would have never won anything. And they probably wouldn’t be in Kansas City anymore either. Who puts up with 30 years of losing, besides Cubs fans?

Charley Lau belongs in their Hall of Fame. Even if nobody besides George Brett and me remembers who he was.

Worst practices for e-mail

If you want to wreck your computer with a virus and put your neighbors’ computers at serious risk, there’s a really easy way to do it. Just be really cavalier with your e-mail habits. Approach e-mail with reckless abandon, and you’ll quickly receive your just reward.
But if you like having a computer that works well, and you kind of like your neighbors, there are things you can do to minimize your risk. If, on the other hand, you want to leave your mark on the world in a negative way, do the opposite of the things I suggest here.

1. Acquire good anti-virus software and keep it up to date. I’ve been configuring Norton AntiVirus to update itself every day. It’s excessive, but since it’s impossible to guess when the next big thing will come out, and it might hit you before you know about it, it’s the only safe way. Update every day, and keep autoprotect on, so that files are scanned as they’re created. That way, if you get a virus, it won’t get far. I also set NAV to scan the entire computer–all files, not just executable files–at least once a week.

While sweeping the network at work, I found copies of Nimda, but I also found old friends like SirCam, Happy99, PrettyPark, and Kak. Obviously people were aborting the scheduled updates and scans.

2. If you do get infected, don’t count on your antivirus package to completely clean up the mess. Visit www.sarc.com or www.antivirus.com/vinfo/virusencyclo to download a specialized removal tool for the virus your antivirus package caught. Run it to remove any residual damage your antivirus package may have missed.

3. Don’t take e-mail attachments from strangers. I take an even stronger stance than that. Frankly, when someone sends me e-mail with an attachment, the first thing I do is delete the message. I don’t even open it. I don’t care if I’ve known the guy who sent it for 10 years. Some attachments can execute without you even opening the message, so the only safe thing to do is delete it.

The only exception I make is when someone e-mails me and tells me something’s coming. Sure, I’ll look at my friend’s resume, as long as he lets me know ahead of time that it’s coming and I should look for it.

Yes, I miss some good jokes and fun games that way. But you know what? I’d rather be accused of having no sense of humor than to have to rebuild my computer. I don’t have time to rebuild my computer. I’m already too busy rebuilding the computers that belong to people who open each and every e-mail attachment they get.

The virus of the week is W32.Vote.A, which masquerades as a chance to vote for peace or war between the United States and the Middle East. It doesn’t actually let you vote; it e-mails itself to your contacts and deletes files off your drive.

4. Don’t be the first on your block with the newest Microsoft software. Microsoft continues to refuse to take security seriously. No one in his right mind should be running Internet Explorer and Outlook Express 6.0 right now. Every single dot-oh release from Microsoft in recent memory has been an atrocity. Get Internet Explorer 5.5SP2 and stick with it. It’s fast, it’s as stable as anything Microsoft has written, and all the known holes that viruses exploit have been patched. Is the same true for 6.0? Who knows?

5. Don’t use a Microsoft e-mail client if you can help it. Microsoft’s the biggest kid on the block, so their mail clients are the most frequent targets. They also have more security holes in them than a vacant building in East St. Louis. There are a number of competent alternatives out there, including Pegasus, Netscape Messenger, and Qualcomm Eudora. (Just watch out for Euroda’s spyware–run Ad-Aware from www.lavasoftusa.com after you install Eudora.)

6. If you must use a Microsoft e-mail client, turn off the preview pane. Also, go to the client’s security options and put it in the Restricted Sites zone. That way when some idiot forwards you a message with hostile ActiveX code in it to automatically execute an attachment that e-mails itself to everyone in your inbox and address book and then low-level formats your hard drive, you won’t be affected. There is absolutely no legitimate reason for HTML e-mail to contain any ActiveX, Java, or JavaScript.

7. Don’t run any Microsoft software if you can help it. A Mac doesn’t count–the most popular Mac application is (drum roll please) Microsoft Office. Besides, there are plenty of Mac viruses out there to get you too. I’m writing this on a cheap PC running Linux. I use a tiny, lightning-fast mail client called Sylpheed. It takes up 733K on my hard drive. Outrageous, isn’t it? I use a tiny, lightning-fast Web browser called Dillo. It’s secure as a rock because it doesn’t do Java, JavaScript, or ActiveX. It renders pages instantly. It’s 240K in size. They’re both in alpha testing, but they crash less for me than Internet Explorer 5.5 and Outlook 2000SP2. And don’t be fooled by the tiny size: I compiled them for speed, not size. If I’d used size optimizations they’d be a lot smaller.

8. Don’t run your Web site on IIS. Even the Gartner Group is recommending everyone abandon IIS ASAP. It’s impossible to keep up with the patches well enough to prevent outbreaks like Nimda. Nimda knows about 16(!) security holes in IIS that it can exploit in order to send itself to people who visit your Web page. Yes, people try to hack Apache. Of course they do–70% of the Web uses it. But I hear of one Apache vulnerability a year. That compares to one IIS vulnerability a week. It is fiscally and socially irresponsible to bank your business on such an insecure, poorly written piece of software. (This site runs on Apache, and its only downtime in five months has been from a power failure. Zero crashes, no having to take it down to apply a patch. My system uptime reads 112 days.)

01/21/2001

Mailbag:

Win-Mac; IQ; Networking; Mobos

Run OptOut! I was talking today to a good friend who lives a couple of hours away. About a year ago he helped me straighten out–I looked like I was doing all the right things and avoiding the wrong things. I wasn’t drinking, wasn’t womanizing, and on the outside looked like I had everything together, but inside… Nope. He helped me get through it, and the year turned out to be nothing like I had planned, but that’s for the better I think.

But anyway, his computer was anything but better. He’d gone on an upgrade binge, buying memory and a big hard drive, and his system was as stable afterward as most celebrity marriages. So I walked him through reinstalling Windows, running msconfig and eliminating all but the minimal requirements in startup, and though that improved it wasn’t perfect. So I had him run OptOut, from www.grc.com . I ran it on my system at the same time so I could guide him through it. He found no spyware. I found 22 instances. Huh!? I’m normally much more careful than that. But that probably explains the IE crashes I’ve been getting. So I got rid of the spyware.

Do yourself a favor. Go download and run OptOut and see what you find.

More adventures in Linux Gatewayland. I spent another good chunk of the day at Gatermann’s, trying to get his Linux box running. We went ahead and installed a hard drive and an old 8X IDE CD-ROM. I installed a minimal Mandrake 7.2. Mandrake, like the single-floppy distro I’d tried, had problems. The NICs were inconsistent, giving different values when you booted. I don’t like the sound of that. I’m pretty sure I’ve got an old socket 7 board around here somewhere I can swap him, so I’m going to try another board. I’ve got some different NICs too. In the meantime, he’s going to put that drive and his cards in his K6-2 and see what happens. That ought to eliminate the cards themselves as a culprit. If that does the trick, I’ll either give him a different board or I’ll give him the 486 that’s served me well for the past year or so, since I’ll soon be getting a Linksys router. (And that’ll open up a spot on my desk and on my KVM for my out-of-retirement PC/AT. Woo hoo!)

Speaking of the PC/AT, the board doesn’t fit. Well, I can cram my new Soyo board into my ancient PC/AT case, but I won’t get memory in there with it. One of the drive bays sits too low, so there’s no clearance. So, it’s hacksaw time. Don’t try this at home, kids. That’ll eliminate any collectible value that case ever would have had, but with the motherboard, disk controller, and hard drive long gone and the serial number ripped off the back of the case by the previous owner, it probably never would have had any anyway. So I’ll be redefining the word “hacking” as it applies to this computer very soon. I’ve got some time. The CPUs that’ll free up a pair of Celeron 366s won’t arrive until Friday.

Mailbag:

Win-Mac; IQ; Networking; Mobos

Optimizing Windows questions from readers

Do you still think Netsonic is the best browser cache program ?Is there anything better than Netsonic, to speed up web surfing ?

Is there anything better than EasyMTU/ispeed to optimize one’s modem ?

———-
I haven’t found anything better than either. All of the MTU-type programs do essentially the same thing, the question is how much you want to pay for a utility that flips a couple of bits in the registry. EasyMTU and iSpeed do the job, and they’re free.

As for NetSonic, I haven’t found anything I like better. That program category, like fastloaders, was a great idea that never really caught on and it makes for slim pickings today. —

Subject: What new book(s) are you working on now?

Who will be your publisher, and what is your planned publication date for your upcoming book(s) ?

Is there a way to search all of your views (from #1 to #37) for a
particular topic or string ?

———-
The new book will be from O’Reilly. The topic is Linux, from the point of view of someone familiar with Windows (something that’s desperately needed, as I adamantly disagree with the view some hold that Linux needs to look, breathe, and act just like Windows. Next thing you know someone will be wanting it to crash like Windows too. The solution isn’t 4.3 billion clicky utilities that do one thing and give people RSI from too much mousing when there’s already a time-tested three-letter command with more power than most mortals can possibly imagine to do the job sitting right there–but I digress.) It’s maybe half-finished, so I don’t know yet when it will be finished, published or released. It hasn’t been announced yet, so very little has been decided (including the title). I understand there will be a “small mammal” on the cover. Sorry to be vague; that really is just about all I know.

As for a search engine, I’ve looked into some possibilities and haven’t really liked any of them. I know I’ve been indexed by Google and possibly others, so you could search for “Farquhar” and certain strings. It’s a crude solution. I do have something better up my sleeve but it’s likely to be a few months before I get a chance to implement it, as it will require me to change providers along with a whole bunch of other work.

What are “fastloaders” programs, mentioned in you email below ?

Can you give me the names of a few, and from where can I download them, to test them out ?

———-
I talk about them on page 71 of Optimizing Windows. One came with Norton Utilities and one with Nuts & Bolts; neither is compatible with Win98. (The Norton tool was better.) SuperFasst, from www.webcelerator.com, is compatible with both Win95 and 98. These programs use various tricks to shave a few seconds off program loading times. This was a bigger deal in 1995 than today (modern disks can load Word in 3 seconds, after all–SuperFasst might cut that down to 2-2.5, which isn’t a very noticeable difference). You might find you like it. I found it didn’t make a big enough difference for me to be worth the decreased stability now that fast hard disks are common and dirt cheap.
———-

More Windows speed-ups. I took a look today at www.webcelerator.com. These guys provide Superfasst, which I mentioned in Optimizing Windows. They’ve got a few new utilities to offer now, the most interesting of which creates images of CDs and then emulates a CD-ROM drive. This would be very, very useful for wringing more performance out of games that use a CD-ROM.

The downside to these guys is they want to monopolize your browser’s homepage. Change your homepage to something other than theirs, and their programs stop working. That’s a bit obnoxious. It would be nice if they’d offer a payment option. It is nice that they aren’t opting for the adware/spyware route (I think–I haven’t examined any of these tools in well over a year). I thought I’d pass along what I found though.